CCX Add-on for AWS Products

About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk. Description: CCX Security Operations has taken it upon ourselves to develop a CCX Add-on for AWS Products to provide further CIM compliance coverage not only for logs ingested via 'Splunk Add-on for AWS'. This TA was built using a large dataset and endeavours to be the most CIM compliant comprehensive field extraction for AWS various products listed. The Technical Addon is designed for ingest based on an SQS-Based S3 "Custom Data Type" via the Splunk Add-on for AWS or Syslog and is to be used on Search Heads. Listed products supported: - AWS Network Firewall - AWS Web Application Firewall - AWS S3 VPC Flow - AWS Macie - AWS API Gateway Access Logs - AWS Security Hub Custom (HEC|JSON) Features: - This TA currently supports logtypes tagged under the following CIM datamodels: Alert, Change, Network Traffic and Web.